
Discover 1352 Wordpress Plugin XSS

Larry Cashdollar at BSides Boston 2016

In a single night, I was able to find about 1400 vulnerabilities in WordPress plugins. Not only that, but they were all a single kind of vulnerability, cross-site scripting (XSS). Using techniques that I have developed, I was able to mass download plugins and scan them for unsanitized outputs from a user. In this talk, I will show how I did it and how I have responsibly notified the community.

Larry Cashdollar has been working in the security field and finding vulnerabilities for over 15 years. With a couple thousand CVEs to his name, he is a known researcher in the field. You can see many of the disclosed vulnerabilities at He is a member of the SIRT at Akamai Technologies.